SUSE-SU-2018:0552-2: moderate: Security update for SUSE Manager Server 3.1

sle-security-updates at lists.suse.com
Thu Mar 8 10:13:01 MST 2018


   SUSE Security Update: Security update for SUSE Manager Server 3.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0552-2
Rating:             moderate
References:         #1015956 #1016377 #1022077 #1022078 #1028285 
                    #1031081 #1036302 #1045289 #1055296 #1061273 
                    #1061574 #1063419 #1063759 #1064258 #1065023 
                    #1065259 #1067608 #1068032 #1069943 #1070161 
                    #1070372 #1070597 #1070782 #1071314 #1071468 
                    #1071526 #1071553 #1072153 #1072157 #1072160 
                    #1072797 #1073474 #1073482 #1073619 #1073713 
                    #1073739 #1074300 #1074430 #1074508 #1074854 
                    #1075044 #1075254 #1075345 #1075408 #1075862 
                    #1076034 #1076201 #1076578 #1077076 #1077730 
                    #1078749 #1079820 #979616 #979633 
Cross-References:   CVE-2017-5715 CVE-2017-5753 CVE-2017-5754
                   
Affected Products:
                    SUSE Manager Server 3.1
______________________________________________________________________________

   An update that solves three vulnerabilities and has 51
   fixes is now available.

Description:

   This update fixes the following issues:

   nutch:

   - Fix hadoop log dir. (bsc#1061574)

   osad, rhnlib:

   - Fix update mechanism when updating the updateservice (bsc#1073619)

   pxe-default-image:

   - Spectre and Meltdown mitigation. (CVE-2017-5753, CVE-2017-5715,
     CVE-2017-5754, bsc#1068032)

   spacecmd:

   - Support multiple FQDNs per system. (bsc#1063419)
   - Added custom JSON encoder in order to parse date fields correctly.
     (bsc#1070372)

   spacewalk-backend:

   - Fix spacewalk-data-fsck restore of broken package database entry.
     (bsc#1071526)
   - Support multiple FQDNs per system. (bsc#1063419)
   - Fix restore hostname and ip*addr in templated documents. (bsc#1075044)
   - Fix directory name in spacewalk-data-fsck.

   spacewalk-branding:

   - Replace custom states with configuration channels.
   - Fix preformatted code. (bsc#1067608)
   - Fix message about package profile sync. (bsc#1073739)
   - Fix naming of the Tools channel. (bsc#979633)

   spacewalk-client-tools:

   - Support multiple FQDNs per system. (bsc#1063419)
   - Fix update mechanism when updating the updateservice. (bsc#1073619)

   spacewalk-java:

   - Fix the file count for deployed files. (bsc#1074300)
   - Remove previous activation keys when migrating to salt. (bsc#1031081)
   - Improve webui for comparing files. (bsc#1076201)
   - Separate Salt calls based on config revisions and server grouping.
     (bsc#1074854)
   - For minions, provide no option to modify config files, only to view them.
   - Handle gpg_check correctly. (bsc#1076578)
   - Uniform date formatting in System Details view. (bsc#1045289)
   - Import content of custom states from filesystem to database on startup,
     backup old state files.
   - Change the directory of the (normal) configuration channels from
     mgr_cfg_org_N to manager_org_N.
   - Replace custom states with configuration channels.
   - Hide ownership/permission fields from create/upload config file forms
     for state channels. (bsc#1072153)
   - Hide files from state channels from deploy/compare file lists.
     (bsc#1072160)
   - Disable and hide deploy files tab for state config channels.
     (bsc#1072157)
   - Allow ordering config channels in state revision.
   - Disallow creating 'normal' config channels when a 'state' channel with
     the same name and org already exists and vice versa.
   - UI has been updated to manage state channels.
   - Support multiple FQDNs per system. (bsc#1063419)
   - Setting 'Base Channels' as default tab for 'Channels' tab in SSM
     Overview screen. (bsc#979616)
   - Log triggers that are in ERROR state.
   - Refresh pillar data on formula change. (bsc#1028285)
   - Unify the notification message when rebooting a system. (bsc#1036302)
   - Avoid use of the potentially-slow rhnServerNeededPackageCache view.
   - Speed up scheduling of package updates through the SSM. (bsc#1076034)
   - Fix encoding/decoding of url_bounce with more parameters. (bsc#1075408)
   - After dry-run, sync channels back with the server. (bsc#1071468)
   - Fix message about package profile sync. (bsc#1073739)
   - On registration, assign server to the organization of the creator when
     activation key is empty. (bsc#1016377)
   - Fix logging issues when saving autoyast profiles. (bsc#1073474)
   - Add VM state as info gathered from VMware. (bsc#1063759)
   - Improve performance of token checking, when RPMs or metadata are
     downloaded from minions. (bsc#1061273)
   - Allow selecting unnamed context in kubeconfig. (bsc#1073482)
   - Fix action names and date formatting in system event history.
     (bsc#1073713)
   - Fix incorrect 'os-release' report after SP migration. (bsc#1071553)
   - Fix failed package installation when in RES 32 and 64 bit packages are
     installed together. (bsc#1071314)
   - Add user preferences in order to change items-per-page. (bsc#1055296)
   - Order salt formulas alphabetically. (bsc#1022077)
   - Improved error message. (bsc#1064258)
   - Display messages about wrong input in a more end-user-friendly way.
     (bsc#1015956)
   - Add api calls for content staging.
   - Fix content refresh when product keys change. (bsc#1069943)
   - Allow 'Package List Refresh' when package arch has changed. (bsc#1065259)
   - New API call for scheduling highstate application.
   - Adding initial version of web ui notifications.
   - Show the time on the event history page in the user's preferred timezone.

   spacewalk-reports, spacewalk-search:

   - More rhnServerNetwork refactoring (bsc#1063419)

   spacewalk-utils:

   - Remove restrictions imposed on regex used in 'removelist' parameter
     passed to spacewalk-clone-by-date that allowed
     only exact match. (bsc#1075254)

   spacewalk-web:

   - Replace custom states with configuration channels.
   - Add 'yaml' option for Ace editor.
   - Add links to salt formula list and adjust behavior. (bsc#1022078)
   - Allow selecting unnamed context in kubeconfig. (bsc#1073482)
   - Add user preferences in order to change items-per-page. (bsc#1055296)
   - Fix main menu column height.
   - Adding initial version of web ui notifications.

   susemanager:

   - Fix custom SERVER_KEY overriding. (bsc#1075862)
   - Detect subvolumes on /var even with newer btrfs tools. (bsc#1077076)
   - Notify admin that database backups need reconfiguration after db upgrade.
   - Add syslinux-x86_64 dependency for ppc64le. (bsc#1065023)
   - Do not try to force db encoding on db upgrade; use same value as for
     installation. (bsc#1077730)

   susemanager-schema:

   - Make migration idempotent. (bsc#1078749)
   - Fix schema with proper extension. (bsc#1079820)
   - Migrate old custom states to state channels, assign systems to these new
     channels, delete old custom-state-to-system assignments, delete the
     custom states from the db. Before migrating, rename custom states with
     the same name as existing configuration channel labels.
   - Update queries for global channels.
   - Check if channel is already subscribed even before checking if parent
     channel is subscribed or not. (bsc#1072797)
   - Support multiple FQDNs per system. (bsc#1063419)
   - Avoid use of the potentially-slow rhnServerNeededPackageCache view.
   - Handle duplicate serverpackage entries while fixing duplicate evr ids.
     (bsc#1075345)
   - Fix duplicate entries in channel listings.
   - Handle nevra not found case while fixing duplicate evr ids. (bsc#1074508)
   - Added a script which will remove existing server locks against minions.
     (bsc#1064258)
   - Add column to store the 'test' option for state apply actions.
   - Adding initial version of web ui notifications.

   susemanager-sls:

   - Compare osmajorrelease in jinja always as integer.
   - Python3 compatibility fixes in modules and states.
   - Fix cleanup state error when deleting ssh-push minion. (bsc#1070161)
   - Fix image inspect when entrypoint is used by overwriting it.
     (bsc#1070782)

   susemanager-sync-data:

   - Use TLS for mirroring OES2018 channels. (bsc#1074430)
   - Add SUSE Manager Server 3.0 and 3.1 channels for mirroring.

   virtual-host-gatherer:

   - Add VM state as info gathered from VMware. (bsc#1063759)
   - Explore the entire tree of nodes from VMware. (bsc#1070597)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-361=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Manager Server 3.1 (ppc64le s390x):

      spacewalk-branding-2.7.2.11-2.12.6
      susemanager-3.1.12-2.12.3
      susemanager-tools-3.1.12-2.12.3

   - SUSE Manager Server 3.1 (noarch):

      nutch-1.0-0.9.6.2
      osa-common-5.11.80.5-2.9.2
      osa-dispatcher-5.11.80.5-2.9.2
      pxe-default-image-3.1-0.13.3.3
      pxe-default-image-debugsource-3.1-0.13.3.3
      rhnlib-2.7.2.2-3.3.2
      spacecmd-2.7.8.9-2.12.2
      spacewalk-backend-2.7.73.11-2.12.3
      spacewalk-backend-app-2.7.73.11-2.12.3
      spacewalk-backend-applet-2.7.73.11-2.12.3
      spacewalk-backend-config-files-2.7.73.11-2.12.3
      spacewalk-backend-config-files-common-2.7.73.11-2.12.3
      spacewalk-backend-config-files-tool-2.7.73.11-2.12.3
      spacewalk-backend-iss-2.7.73.11-2.12.3
      spacewalk-backend-iss-export-2.7.73.11-2.12.3
      spacewalk-backend-libs-2.7.73.11-2.12.3
      spacewalk-backend-package-push-server-2.7.73.11-2.12.3
      spacewalk-backend-server-2.7.73.11-2.12.3
      spacewalk-backend-sql-2.7.73.11-2.12.3
      spacewalk-backend-sql-oracle-2.7.73.11-2.12.3
      spacewalk-backend-sql-postgresql-2.7.73.11-2.12.3
      spacewalk-backend-tools-2.7.73.11-2.12.3
      spacewalk-backend-xml-export-libs-2.7.73.11-2.12.3
      spacewalk-backend-xmlrpc-2.7.73.11-2.12.3
      spacewalk-base-2.7.1.14-2.12.3
      spacewalk-base-minimal-2.7.1.14-2.12.3
      spacewalk-base-minimal-config-2.7.1.14-2.12.3
      spacewalk-client-tools-2.7.6.3-3.3.3
      spacewalk-html-2.7.1.14-2.12.3
      spacewalk-java-2.7.46.10-2.14.2
      spacewalk-java-config-2.7.46.10-2.14.2
      spacewalk-java-lib-2.7.46.10-2.14.2
      spacewalk-java-oracle-2.7.46.10-2.14.2
      spacewalk-java-postgresql-2.7.46.10-2.14.2
      spacewalk-reports-2.7.5.4-2.6.3
      spacewalk-search-2.7.3.4-2.9.7
      spacewalk-taskomatic-2.7.46.10-2.14.2
      spacewalk-utils-2.7.10.6-2.6.3
      susemanager-schema-3.1.15-2.16.1
      susemanager-sls-3.1.15-2.16.2
      susemanager-sync-data-3.1.10-2.14.2
      virtual-host-gatherer-1.0.16-2.9.3
      virtual-host-gatherer-Kubernetes-1.0.16-2.9.3
      virtual-host-gatherer-VMware-1.0.16-2.9.3
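
   To confirm the update landed, installed versions can be compared against
   the package list above. The following is an added example, not part of the
   SUSE advisory: the function names are hypothetical and vercmp is a
   simplified stand-in for rpm's version comparison (no '~' or '^' handling).

```python
import re

# Excerpt of this advisory's "Package List" (name-version-release strings from the page).
ADVISORY_NVRS = """
pxe-default-image-3.1-0.13.3.3
spacewalk-java-2.7.46.10-2.14.2
susemanager-schema-3.1.15-2.16.1
virtual-host-gatherer-VMware-1.0.16-2.9.3
"""

def split_nvr(nvr):
    """Split 'name-version-release'; the name itself may contain hyphens."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release

def _segments(s):
    # Runs of digits or letters; separators such as '.' only delimit segments.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style comparison: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)             # 16 > 9, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def missing_fixes(advisory_text, installed):
    """Return {name: (installed, required)} for packages older than the advisory.

    installed maps package name to 'version-release', as printed by rpm -q with
    a NAME / VERSION-RELEASE query format. Packages not installed are skipped.
    """
    stale = {}
    for nvr in advisory_text.split():
        name, ver, rel = split_nvr(nvr)
        have = installed.get(name)
        if have is None:
            continue
        hv, hr = have.rsplit("-", 1)
        if (vercmp(hv, ver) or vercmp(hr, rel)) < 0:
            stale[name] = (have, f"{ver}-{rel}")
    return stale
```

   An empty result for the packages installed on the server means every one
   of them is at or above the version shipped with this update.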


References:

   https://www.suse.com/security/cve/CVE-2017-5715.html
   https://www.suse.com/security/cve/CVE-2017-5753.html
   https://www.suse.com/security/cve/CVE-2017-5754.html
   https://bugzilla.suse.com/1015956
   https://bugzilla.suse.com/1016377
   https://bugzilla.suse.com/1022077
   https://bugzilla.suse.com/1022078
   https://bugzilla.suse.com/1028285
   https://bugzilla.suse.com/1031081
   https://bugzilla.suse.com/1036302
   https://bugzilla.suse.com/1045289
   https://bugzilla.suse.com/1055296
   https://bugzilla.suse.com/1061273
   https://bugzilla.suse.com/1061574
   https://bugzilla.suse.com/1063419
   https://bugzilla.suse.com/1063759
   https://bugzilla.suse.com/1064258
   https://bugzilla.suse.com/1065023
   https://bugzilla.suse.com/1065259
   https://bugzilla.suse.com/1067608
   https://bugzilla.suse.com/1068032
   https://bugzilla.suse.com/1069943
   https://bugzilla.suse.com/1070161
   https://bugzilla.suse.com/1070372
   https://bugzilla.suse.com/1070597
   https://bugzilla.suse.com/1070782
   https://bugzilla.suse.com/1071314
   https://bugzilla.suse.com/1071468
   https://bugzilla.suse.com/1071526
   https://bugzilla.suse.com/1071553
   https://bugzilla.suse.com/1072153
   https://bugzilla.suse.com/1072157
   https://bugzilla.suse.com/1072160
   https://bugzilla.suse.com/1072797
   https://bugzilla.suse.com/1073474
   https://bugzilla.suse.com/1073482
   https://bugzilla.suse.com/1073619
   https://bugzilla.suse.com/1073713
   https://bugzilla.suse.com/1073739
   https://bugzilla.suse.com/1074300
   https://bugzilla.suse.com/1074430
   https://bugzilla.suse.com/1074508
   https://bugzilla.suse.com/1074854
   https://bugzilla.suse.com/1075044
   https://bugzilla.suse.com/1075254
   https://bugzilla.suse.com/1075345
   https://bugzilla.suse.com/1075408
   https://bugzilla.suse.com/1075862
   https://bugzilla.suse.com/1076034
   https://bugzilla.suse.com/1076201
   https://bugzilla.suse.com/1076578
   https://bugzilla.suse.com/1077076
   https://bugzilla.suse.com/1077730
   https://bugzilla.suse.com/1078749
   https://bugzilla.suse.com/1079820
   https://bugzilla.suse.com/979616
   https://bugzilla.suse.com/979633


